Aspects of the present invention relate in general to Internet security, and more particularly, to challenge response tests. A challenge response test such as a CAPTCHA (“Completely Automated Public Turing test to tell Computers and Humans Apart”) is method of determining whether a respondent to an inquiry is a human user or an automated computing device. Such tests are designed so that a human user will easily be able to pass the test while a computer will have difficulty passing the test. This is because the test requires certain cognitive abilities that computers do not have. Thus, if the test is passed, it can be assumed that the respondent is in fact human rather than machine.
CAPTCHA tests are often used when a user wishes to access an internet resource such as a database on an internet server. As the user attempts to access the database, the user is presented with the challenge response test. If the user passes the test, access to the database is allowed. However, if the user fails the test, access to the database is denied. Such tests are used to deter automated attack requests on a variety of web services. For example, an email service provider does not want someone to create a program to automatically create several email accounts which will likely be used for spamming purposes.
If a computer can respond correctly to a challenge response test, then the computer can access the protected computer resource. Some challenge response tests are fallible because malicious persons may be able to create cracking algorithms for specific challenge response tests. Thus, in order to create an effective challenge response test, it must be so difficult that the cost of creating a cracking algorithm prohibitively high.